Trusted Solaris Administrator's Procedures

Conditions for Access to Other's Jobs

An account invoking the at, atq, atrm, or crontab commands can look at, edit, or remove jobs belonging to another user only when the following conditions are met.

For the at, atq, or atrm commands, the following conditions must apply:

  1. The specified username or the username of the specified job's owner is one of the special system account names listed in the at.admin file and condition 3 is true, or

  2. The username of the specified at job's owner is the name of a role account and condition 3 is true.

  3. The account has the Edit Owned Jobs authorization in a rights profile.

  4. If neither condition 1 nor condition 2 is true, the invoking account must have the Manage All Jobs authorization in a rights profile.

For the crontab command, the following conditions must apply:

  1. The specified username is one of the special system account names listed in the cron.admin file and condition 3 is true, or

  2. The specified username is one of the role account names and condition 3 is true.

  3. The invoking account has the Edit Owned Jobs authorization.

  4. If neither of 1 or 2 is true, the invoking account must have the Manage All Jobs authorization in a rights profile.